The latest firmware update for the PS3 (3.56) included a security patch that was thought to introduce a rootkit. Such an update would supposedly allow Sony to verify system files or look for home-brew games. While creating an uproar in the gaming community, it looks to have been something Sony has had the right to do since the PS3 went on sale.

According to Chris Boyd, a leading security researcher at GFI (and also noticed by one of our Eagle eyed readers “TheHighlander”), the technique deployed by Sony is not new since the original terms and conditions (back in 2006) allowed the company to do remote updates to check for irregularities with the default code.

More specifically – reading between the lines – sections 3 & 4 of the terms seems to back this up:

From time to time, SCE may provide certain updates, upgrades or services to your PS3 system to ensure it is functioning properly in accordance with SCE guidelines. Some services may be provided automatically without notice when you sign onto SCE’s online network, and others may be available to you through SCE’s website or authorized channels. Without limitation, services may include the provision of the latest update or download of new release that may include security patches, and new or revised settings and features which may prevent access to pirated games, or use of unauthorized hardware or software in connection with the PS3 system. Some services may change your current settings, cause a loss of data or content, or cause some loss of functionality. It is recommended that you regularly back up any data on the hard disk that is of a type that can be backed up.

SCE may use DNAS (Dynamic Network Authentication System), a proprietary system designed to authenticate game titles and the PS3 system when you connect the PS3 system to a network. DNAS may retrieve information about your hardware and software for authentication, copy protection, account blocking, system, rules, game management and other purposes. The information collected is not your personally identifying information and there is no way to identify you from the information collected by DNAS. Any unauthorized transfer, exhibition, export, import or transmission of programs and devices circumventing DNAS may be prohibited by law. SCE reserves the right to use any other authentication or security system, or method in connection with the PS3 system.

So whatever your opinion of the rootkit scandal is, if you have agreed to the above terms Sony has effectively got every right to ensure that the security of their system remains intact.

I think that the biggest problem with the scandal is that Sony tried to implement the changes into the latest firmware update quietly without making a big announcement about them. Those changes were then discovered and deemed as a threat to people’s individual rights. But even if Sony has tweaked things slightly, section 8 of the terms covers its back:

Your continued access to or use of the System Software will signify your acceptance of any changes to this Agreement. In the event of any conflict between this Agreement and the Terms of Service and User Agreement for SCE’s online network, the terms of this Agreement shall control the use of or access to, the System Software.

Reader Comments

Jim Chu

Just another reason not to buy a PS3. Seems like that bit of legalese also covers them for installing spyware. Wonder if the equivalent exists on the Xbox? Then they could turn on the Kinect and see what you’re up to on the couch with your girlfriend (or boyfriend).

It’s a terrible choice – give up the right to do with your purchased hardware as you please, or put up with the cheaters ala PC games, which is what the PS3 turned into once the hackers pwned it.

Reasons I have not and will not buy PS3/Xbox:

1. No keyboard/mouse controller.
2. Your purchased game collection could be invalidated at whim of manufacturer.
3. Your purchased hardware could be disabled at whim of manufacturer.
4. No keyboard/mouse controller.
5. Even with all the security/loss of freedom, the platform still gets hacked. (does this sound familiar TSA?)
7. No keyboard/mouse controller.
8. Did you notice item six was missing? Just like the “Other OS” feature in the PS3?
9. Creating millions of consoles worth of landfill due to piracy issues (are you listening Microsoft?) is definitely NOT GREEN. Offer some kind of program – pay $50 to turn the box back on – instead of making toxic waste.